Web based extranet architecture providing applications to non-related subscribers

ABSTRACT

An extranet includes a network which couples a plurality of non-related participants and a server coupled to the network. The server stores a plurality of applications including workgroup applicants, transaction applications, security applications and transport circuits and equipment. The server is programmed to load particular ones of the plurality of applications onto the network for use by the plurality of participants in response to a request by one of the participants for a particular application.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patent application Ser. No. 13/294,484 filed Nov. 11, 2011, which is a continuation of and claims priority to U.S. patent application Ser. No. 10/744,961 filed Dec. 23, 2003, now U.S. Pat. No. 8,082,300, which is a continuation of and claims priority to U.S. patent application Ser. No. 10/246,430 filed on Sep. 17, 2002, now U.S. Pat. No. 6,697,861, which is a continuation of and claims priority to U.S. patent application Ser. No. 09/187,556 filed on Nov. 6, 1998, now U.S. Pat. No. 6,453,348. The contents of each of the foregoing are hereby incorporated by reference into this application as if set forth herein in full.

FIELD OF THE DISCLOSURE

The present invention is directed to an extra net architecture, and more particularly, to an extra net architecture utilizing Web based technology that provides a large variety of applications to non-related subscribers.

BACKGROUND OF THE DISCLOSURE

Various forms of intranets have provided companies with intraoffice communications for some time. An intranet may be defined as a private application of the same internetworking technology, software and applications within a private network for use within an organization. It may be entirely disconnected from the public Internet or it may be linked to it and protected from unauthorized access by security systems. Such known networks are commonly called “intraoffice” networks because they only allow communications within an organization.

Other networks, often referred to as “extranets” or private internets allow communications and application sharing between designated, non-related organizations. Extranets are generally closed networks that allow communications between designated parties. Various types of “extranet” architectures are known. One type of extranet architecture is often referred to as a shared private network where the organizations that have access to the network are enumerated and often a third party is in charge of updating the list of enumerated users and managing passwords. One such type of shared private network between two organizations, for example, a shipping dock and receiving dock, may be linked to exchange information regarding orders. This is generally the oldest type of extranet. Such extranets have also been used for electronic data interchange (EDI) and involve coupling two organizations through a third party provider using typically XO.25 protocols and not necessarily using Internet Protocols (“IP”). This type of extra net architecture has certain disadvantages. For one, the connection is for a specific purpose and thus has very limited application. Second, only a limited number of an organization's business partners have reason to connect in this manner. Third, typically lower data communications and lack of IP capabilities limit the general usefulness of such configurations.

Another type of extranet architecture couples a plurality of nonrelated organizations together with appropriate routing and traffic management capabilities. The organizations may communicate with one another and share various applications. Some implementations are managed by one business partner. This obviously has the drawback that such a system is expensive to implement and particularly burdensome for one party to maintain. While cost-sharing arrangements may be created, one part must still consume the same organizational resources needed to maintain a network for others. While these types of extra nets provide good security, they lack the bandwidth to accommodate a large number of applications. Other types of extranets utilize the Internet which provides increased bandwidth but lacks the security of shared private networks. One such type of network which couples organizations through the Internet is referred to as a virtual private network. The variety of virtual private network extranet utilizes facilities of one or more Internet service providers combined with the user's own VPN software instead of setting up a dedicated private network. In order to maintain a level of security, communications over the Internet must be encrypted. A main difference between a virtual private network extranet and the Internet, in general, is that for a virtual private network extranet access is encrypted and limited to designated organizations and/or individuals rather than the world at large. Of course in selecting a particular extranet architecture, the benefits in cost savings must be weighed against security risks.

It is thus desirable to provide an extranet architecture coupled to a wide diversity of applications that may be shared by non-related organizations while eliminating the need for any one organization to maintain the available applications. It is also desirable to provide an extranet architecture that provides an appropriate degree of security and privacy. It is furthermore desirable to provide an extranet architecture that is flexible and can be easily modified and updated.

BRIEF SUMMARY

According to a first aspect of the embodiments, there is provided a method for providing an extranet service between at least two subscribers. The method includes the steps of: interconnecting the plurality of subscribers by digital data circuits to form an extranet; coupling a server to the extranet wherein the server stores a plurality of applications and data including collaboration software, office productivity software, and electronic data interchange software; loading at least one of the plurality of applications onto the extranet for use by the plurality of subscribers in response to a request by a subscriber for a particular application.

According to a second aspect of the embodiments, there is provided a method for providing an extranet service between subscribers. The method includes the steps of: (a) establishing a subscriber database listing customers who subscribe to the extranet service; (b) establishing a communication link between the subscribers listed in the subscriber database to form an extranet; (c) providing collaboration software applications on the extranet; (d) providing workflow software applications on the extranet; (e) providing transaction software applications on the extra net; (f) providing electronic mail software applications on the extra net; (g) providing electronic data interchange software applications on the extranet; (h) sharing the software application provided in steps (b)-(g) among the subscribers listed in the subscriber database.

According to a third aspect of the embodiments, there is provided a method for providing an extranet service between customers, the method comprising the steps of: (a) establishing a communication link between customers to form an extra net; (b) providing workgroup software on the extra net; (c) providing transaction software on the extra net; (d) providing security software on the extranet; (e) providing transport software; (f) sharing the software provided in steps (b)-(e) to the customers on the extranet.

According to a fourth aspect of the embodiments, there is provided an extranet including a network coupling a plurality of non-related participants wherein each participant is located remotely from the other participants, and a server coupled to the network, the server storing a plurality of applications including workgroup applications, transaction applications, security applications and transport applications wherein the server is programmed to load particular ones of the plurality of applications onto the network for use by the plurality of participants in response to a request by one of the plurality of participants.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic illustration of an extranet architecture according to a preferred embodiment of the present invention.

FIG. 2 is an example of a screen menu that can be displayed on a subscriber's display.

FIG. 3 is a more detailed schematic block diagram of the extranet architecture shown in FIG. 1 according to a preferred embodiment of the present invention.

FIG. 4 is a still more detailed schematic block diagram of the extranet architecture shown in FIG. 1 according to a preferred embodiment of the present invention.

FIG. 5 illustrates an extranet method for providing extranet subscribers with access to software applications.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic illustration of an extranet architecture according to a preferred embodiment of the present invention. The architecture 10 includes generally a plurality of subscribers 12, 14, 16; a shared network 18 utilizing Internet Protocol (“IP”), and a server farm 20. As shown, the shared network 18 couples the plurality of subscribers to the server farm 20. While the various components will be described in detail hereinafter, in general the server farm 20 is an interconnected grouping of storage devices that stores a multitude of applications and databases, for example, on redundant disks as will be described hereinafter.

In general, the subscribers are non-related entities, for example, different companies and/or organizations, or individuals. A subscriber on the shared network 18 may have access to some or all of the applications and data available on the server farm 20 through their network connection. Access for an individual user would be determined by what applications the user or user's organization has subscribed to; the access granted to data and applications granted by the user's organization; and the access granted to particular data files by owners of those files. This could mean access to a server-based application through a client's browser or distributing, updating and connecting a client/server application. In a preferred embodiment, Web browser technology is used to present each subscriber with a menu of applications from which they may choose merely by clicking on a particular icon displayed on a display unit (not shown).

Shown in FIG. 2 is an example of a screen menu that can be displayed on a display of a subscriber's computer, for example. Illustrated are various menu icons that represent applications available to the subscriber from which the subscriber can select merely by clicking on a menu icon. The selection of applications is intended to be illustrative and not limiting. It will be appreciated that future upgrades may replace or eliminate applications illustrated while adding new ones. For example, icon represents an electronic mail application which allows subscribers to communicate with one another over the extranet. Icon 22 represents a file transfer server application that allows subscribers to share files over the extranet. Icon 24 represents a list server application that allows subscribers to create address groups so that electronic messages can be created simply and efficiently. Icon 26 represents a partner directory that lists subscribers on the extranet. Icon 28 represents Java-based office applications which provide word processor, spreadsheet, presentations, database applications. Icon 32 represents a collaboration suite application which includes project management, discussion groups, work flow engine, document and image library and bulletin board applications. Icon 34 represents an electronic data interchange (EDI) application. This would enable low-volume EDI users to enter transactions into a Web page or enable medium-volume users to send transactions by secure EDI—MIME type e-mail. Icon 36 represents a Java applet vault application to provide, store and verify digital certificates for Java applets shared by subscribers. Of course more applications may be added to the server farm. While FIG. 2 illustrates particular applications, a subscriber's access to certain applications may be limited and not all of the subscribers may have access to all of the applications based on the user's security profile.

FIG. 3 is a more detailed schematic block diagram of the extranet architecture shown in FIG. 1 according to a preferred embodiment of the present invention. Three subscribers 12, 14 and 16 are illustrated, but, of course there may be more or less. In addition, the term “subscriber” is used to refer to non-related entities, i.e., two companies, for example. Each subscriber may have its own intranet coupling various of its organizations, for example, in the form of a local area network although the present invention is not limited to subscribers having local area networks and individuals having a workstation may also be subscribers. While only three subscribers are shown it will be appreciated that many more subscribers can be coupled together with the extranet architecture according to the present invention. The shared network 18 includes various routers, and more particularly, dial-up access routers 50, Internet access routers 52 and dedicated access routers 54 that provide the subscribers with various options for accessing the shared network 18 as will be described in greater detail hereinafter.

Security may be provided in various ways such as by what is commonly referred to as a firewall 56, one time passwords, encryption programs, digital certificates and user application security, for example. Various combinations of these security features may be used. In a preferred embodiment, these security approaches would be layered to provide a highly secure environment in which subscribers can share ideas and information. Encrypting may be accomplished by the use of virtual private networking technology or other technologies that evolve. In addition, security can be administered at the network, application, application module and user file levels to continually update needed profile information. The server farm 20 includes at least one application server 58 and a plurality of storage units 60 coupled together and to the firewall 56 by a hub 61 and local area network 62, for example. The number of storage units 60 will of course depend upon the number of applications provided and amount of user data stored on the server farm 20.

FIG. 4 is an even more detailed schematic block diagram of the extranet architecture shown in FIG. 1 according to a preferred embodiment of the present invention. Shown in FIG. 4 are subscribers 12, 14 and 16. Each subscriber may have its own intranet architecture 70 coupling its various organizations 72 which can be located at various geographic sites to one another. Alternatively, a subscriber may be one individual located at a standalone work station. Each subscriber accesses the extranet architecture through a router 74. As previously mentioned, the subscribers have various options for accessing the extranet architecture according to the present invention including analog or ISDN dial-up access or dedicated access using ATM, SMDS or frame relay protocols. FIG. 4 does not illustrate in detail the architecture for accessing the extranet architecture according to the present invention since those are well known to those of ordinary skill the art. Typically a PSTN central office 76 and a data network provider switch site 78 as well as an additional router 80 couple each subscriber to the firewall 56. In a preferred embodiment an additional router 80 is coupled to the firewall 56 by an Ethernet link. In a preferred embodiment a redundant additional router (not shown) would be provided as a back-up to additional router 80. The server farm 20 includes the hub 61, local area network 62, application servers 58 and storage units 60.

The operation of the extranet will now be described in detail. Various non-related subscribers are coupled to server farm 20 by access routers. The non-related subscribers are able to access applications and data stored by the application servers 58 and storage units 60 although access of some applications and/or data may be restricted based upon security concerns.

The present invention allows non-related entities to collaborate with one another in a simple, flexible manner without requiring any particular subscriber to maintain the integrity or currentness of the extranet. For example, company A may be working with non-related company B on the production of a part and require a logical project extranet 82 to be created between them. By using the extranet according to the present invention, companies A and B may securely exchange email, participants in discussion for a collaboratively work on documentation, spread sheets, workflow schedules, etc. Importantly, the communications and data exchanged between companies A and Bare secured from access by other subscribers on the extranet. Thus subscribers can flexibly add or delete subscribers on the extranet according to their needs. In addition, each subscriber has access to a large number of applications without having to maintain such applications. Thus, a communication link is established between the subscribers listed in a subscriber database by establishing appropriate routing tables within an established security policy.

Returning to FIG. 2 the various applications illustrated in the menu screen are commercially available products which may be used in the present invention. It will be appreciated that applications will be upgraded and new applications added and older ones deleted as the technology develops. For example, Livelink Intranet available from Open Text Corp of Toronto, Ontario Canada may be used as a collaboration software application. The Express and Trusted Link products from Harbinger Corp. of Atlanta, Ga. may be used for an electronic data interchange application software.

FIG. 5 illustrates an extranet method for providing extranet subscribers with access to software applications. The method begins at block 100. At block 102, an extranet server stores software applications, data and subscription information for extra net subscribers. At block 104, updates are performed on the stored information, including updating the subscription information and updating the stored applications. At block 106, communication access is enabled between non-related subscribers and the extra net server. At block 108, applications are shared among the extranet subscribers'. At block 110, a request is received from a subscriber for an instance of a software application. At block 112, to ensure security, the subscriber is prompted for a password or a digital certificate. At block 114, if the correct response to the security prompt is not received, the method ends. Otherwise, at block 116, the software application is made available to subscribers based on the request. At block 118, the extranet subscribers are associated in a work group, such as logical project extranet 82 illustrated in FIG. 4. At block 120, communications are secured between the extranet subscribers of the workgroup so that that the communications and data exchanged are not available to other subscribers. The workgroup proceeds in operation and the method ends at block 122.

The foregoing description of the preferred embodiments of the present invention have been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations will be apparent to practitioners skilled in the art.

Furthermore, the preferred embodiments of the present invention would be customer driven in the applications hosted. Therefore, customers could suggest applications to include on the servers. For example, different subscribers using common computer aided design (CAD) software could request the inclusion on the servers of a file library developed by their CAD software vendor.

Similarly, any process steps described might be interchangeable with other steps in order to achieve the same result. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications as are suited to the particular use contemplated. 

What is claimed is:
 1. A device comprising: a memory that stores instructions; and a controller coupled to the memory and communicatively coupled to a server of an extranet, wherein responsive to executing the instructions, the controller performs operations comprising: establishing communication with the server; receiving a prompt to provide a password or a digital certificate; providing the password or digital certificate, thereby obtaining access to applications and data of the extranet; receiving a menu of available applications and data, wherein the applications and data are available in accordance with subscription information; providing a selection from the menu of an application or data; and accessing the application or data.
 2. The device of claim 1, wherein the operations further comprise establishing communication via the server with another device of a non-related subscriber on the extranet.
 3. The device of claim 2, wherein the operations further comprise exchanging communications with the other device to associate with the other device in a workgroup, and wherein the communications are secured from access by other subscribers on the extranet not included in the workgroup.
 4. The device of claim 1, wherein the selected application is a client/server application accessed using a web browser.
 5. The device of claim 4, wherein the operations further comprise presenting the menu of applications as icons on a display, and wherein the selection is provided by selecting an icon.
 6. The device of claim 1, wherein the subscription information comprises a security profile associated with a user of the device, the user being a subscriber on the extranet.
 7. The device of claim 6, wherein access to the applications and data is in accordance with the security profile.
 8. The device of claim 1, wherein the selected application comprises an electronic mail application, a file transfer server application, a list server application, a partner directory, an office application, a collaboration application, an electronic data interchange application, or a digital certificate management application.
 9. The device of claim 1, wherein the device establishes communication with the server through a router.
 10. The device of claim 1, wherein the device communicates with the server to transmit to service provider equipment of the extranet a suggestion regarding a new application to include on the extranet.
 11. A method comprising: providing, by a server of an extranet, communication access for a subscriber device to the extranet; sending, by the server, a prompt to the subscriber device for a password or a digital certificate; receiving, by the server, from the subscriber device the password or digital certificate, thereby enabling access by the subscriber device to applications and data of the extranet; sending, by the server, a menu of available applications and data for display at the subscriber device, wherein the applications and data are available to the subscriber device in accordance with a security profile; receiving, by the server, from the subscriber device a selection from the menu of an application or data; and providing, by the server, to the subscriber device access to the application or data.
 12. The method of claim 11, further comprising providing, by the server, communication access to another device of a non-related subscriber on the extranet; and enabling, by the server, an exchange of communications between the subscriber device and the other device.
 13. The method of claim 12, wherein, in accordance with the exchange of communications, the subscriber device and the other device are associated in a workgroup, and wherein communications between subscribers in the workgroup are secured from access by other subscribers on the extranet not included in the workgroup.
 14. The method of claim 11, wherein the menu is presented as a plurality of selectable icons, and wherein the selected application is a client/server application accessed using a web browser.
 15. The method of claim 11, wherein the selected application comprises an electronic mail application, a file transfer server application, a list server application, a partner directory, an office application, a collaboration application, an electronic data interchange application, or a digital certificate management application.
 16. A computer-readable storage device comprising instructions which, when executed by a processor of a subscriber device communicatively coupled to a server of an extranet, cause the processor to perform operations comprising: establishing communication with the server; receiving from the server a menu of available applications and data of the extranet, wherein the applications and data are available in accordance with a security profile associated with the subscriber device; providing a selection from the menu of an application or data; and accessing the selected application or data.
 17. The computer-readable storage device of claim 16, wherein the operations further comprise receiving from the server a prompt to provide a password or a digital certificate; and providing the password or digital certificate.
 18. The computer-readable storage device of claim 16, wherein the operations further comprise establishing communication via the server with another device of a non-related subscriber to the extranet; and exchanging communications with the other device to associate with the other device in a workgroup, wherein the communications are secured from access by other subscribers on the extranet not included in the workgroup.
 19. The computer-readable storage device of claim 16, wherein the menu is presented as a plurality of selectable icons, and wherein the selected application is a client/server application accessed using a web browser.
 20. The computer-readable storage device of claim 16, wherein the selected application comprises an electronic mail application, a file transfer server application, a list server application, a partner directory, an office application, a collaboration application, an electronic data interchange application, or a digital certificate management application. 